Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on in the beginning? This, of course, raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be included in this security strategy.

In the recent past, we have also learned that attacks such as the "Solarwinds Hack" are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.

We deal with the following questions:
First, what potential threats are there in general?
Second, what are classic attack points in software development from the source code to binary?
Third, what free tools are there, and where should they be used?
Finally, how can I arm myself against the challenges of cyber attacks today?